About Authentication

To be able to use your account on the OUTSCALE Cloud, you need to authenticate. This can be done using various methods and with various degrees of security.

Authentication Schemes

The primary authentication schemes for your account are:

Your access keys. For more information, see About Access Keys.
Your login (email address or username) and your password. For more information, see About Password Protection.

These authentication schemes can be used for the APIs and command line interfaces, as well as for Cockpit.
For more information on authentication for the APIs, see the Authentication Schemes section in the OUTSCALE API documentation.

When using Cockpit, once you are logged in, all subsequent actions are done using an access key.

Elastic Identity Management (EIM) users can log in to Cockpit using access keys, which need to be created for them by the root user. For more information, see Creating an EIM Access Key.
Once EIM users have an access key, they can log in to Cockpit v2 to create their own password which can be used as an authentication method afterward. For more information, see Creating a Password as an EIM User.

Multi-Factor Authentication

You can increase the security of your account by using multi-factor authentication (MFA). This feature adds an extra step of authentication to the primary authentication procedure by requesting another authentication factor.

When using Cockpit v2, you can set up MFA via the following methods:

A security key or device biometrics using WebAuthn. For more information, see Setting Up MFA for Your Account Using WebAuthn or an OTP > WebAuthn.
A one-time password (OTP) using an authentication application. For more information, see Setting Up MFA for Your Account Using WebAuthn or an OTP > One-Time Password.

WebAuthn is a web standard using public key cryptography, that allows to authenticate on web applications through a security key (via USB, like a YubiKey, or built into your smartphone or tablet) or through the biometrics authentication on your computer or smartphone.
An OTP is a short sequence of autogenerated numbers delivered in an application. It is only available for one short period of time, thus making it more difficult to use maliciously.

You can also set up MFA for the APIs and Cockpit v2 using an x509 certificate stored in your computer or another device. For more information, see Tutorial: Setting Up MFA for Your Account Using a Certificate.

Trusted Env and Trusted Sessions

You can add an additional layer of security to your account by activating Trusted Env.

Trusted Env requires that all users of an account, including the root user, authenticate using two factors and only emit calls signed with temporary access keys.

Activating Trusted Env can only be done through the OUTSCALE API and requires that the root user is already only using temporary access keys. For more information, see Activating a Trusted Session.

When Trusted Env is activated, you are using the OUTSCALE Cloud within a trusted session. A trusted session is valid as long as your access keys have not expired. For more information, see About Your API Access Policy > Trusted Session.

When using Cockpit v2 for the first time following the activation of Trusted Env, you must authenticate using the WebAuthn method. If you have not set up this authentication method beforehand, you will have to set it up upon first connection.

After this first connection, if you have also set up a one-time password (OTP), you may use either one of these authentication methods as long as the WebAuthn method is set up. For more information, see Setting Up MFA for Your Account Using WebAuthn or an OTP.

Related Pages